Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pgbackrest-2.30/src/command/archive/common.c
Examining data/pgbackrest-2.30/src/command/archive/common.h
Examining data/pgbackrest-2.30/src/command/archive/get/file.c
Examining data/pgbackrest-2.30/src/command/archive/get/file.h
Examining data/pgbackrest-2.30/src/command/archive/get/get.c
Examining data/pgbackrest-2.30/src/command/archive/get/get.h
Examining data/pgbackrest-2.30/src/command/archive/get/protocol.c
Examining data/pgbackrest-2.30/src/command/archive/get/protocol.h
Examining data/pgbackrest-2.30/src/command/archive/push/file.c
Examining data/pgbackrest-2.30/src/command/archive/push/file.h
Examining data/pgbackrest-2.30/src/command/archive/push/protocol.c
Examining data/pgbackrest-2.30/src/command/archive/push/protocol.h
Examining data/pgbackrest-2.30/src/command/archive/push/push.c
Examining data/pgbackrest-2.30/src/command/archive/push/push.h
Examining data/pgbackrest-2.30/src/command/backup/backup.c
Examining data/pgbackrest-2.30/src/command/backup/backup.h
Examining data/pgbackrest-2.30/src/command/backup/common.c
Examining data/pgbackrest-2.30/src/command/backup/common.h
Examining data/pgbackrest-2.30/src/command/backup/file.c
Examining data/pgbackrest-2.30/src/command/backup/file.h
Examining data/pgbackrest-2.30/src/command/backup/pageChecksum.c
Examining data/pgbackrest-2.30/src/command/backup/pageChecksum.h
Examining data/pgbackrest-2.30/src/command/backup/protocol.c
Examining data/pgbackrest-2.30/src/command/backup/protocol.h
Examining data/pgbackrest-2.30/src/command/check/check.c
Examining data/pgbackrest-2.30/src/command/check/check.h
Examining data/pgbackrest-2.30/src/command/check/common.c
Examining data/pgbackrest-2.30/src/command/check/common.h
Examining data/pgbackrest-2.30/src/command/command.c
Examining data/pgbackrest-2.30/src/command/command.h
Examining data/pgbackrest-2.30/src/command/control/common.c
Examining data/pgbackrest-2.30/src/command/control/common.h
Examining data/pgbackrest-2.30/src/command/control/start.c
Examining data/pgbackrest-2.30/src/command/control/start.h
Examining data/pgbackrest-2.30/src/command/control/stop.c
Examining data/pgbackrest-2.30/src/command/control/stop.h
Examining data/pgbackrest-2.30/src/command/expire/expire.c
Examining data/pgbackrest-2.30/src/command/expire/expire.h
Examining data/pgbackrest-2.30/src/command/help/help.c
Examining data/pgbackrest-2.30/src/command/help/help.h
Examining data/pgbackrest-2.30/src/command/info/info.c
Examining data/pgbackrest-2.30/src/command/info/info.h
Examining data/pgbackrest-2.30/src/command/local/local.c
Examining data/pgbackrest-2.30/src/command/local/local.h
Examining data/pgbackrest-2.30/src/command/remote/remote.c
Examining data/pgbackrest-2.30/src/command/remote/remote.h
Examining data/pgbackrest-2.30/src/command/repo/create.c
Examining data/pgbackrest-2.30/src/command/repo/create.h
Examining data/pgbackrest-2.30/src/command/repo/get.c
Examining data/pgbackrest-2.30/src/command/repo/get.h
Examining data/pgbackrest-2.30/src/command/repo/ls.c
Examining data/pgbackrest-2.30/src/command/repo/ls.h
Examining data/pgbackrest-2.30/src/command/repo/put.c
Examining data/pgbackrest-2.30/src/command/repo/put.h
Examining data/pgbackrest-2.30/src/command/repo/rm.c
Examining data/pgbackrest-2.30/src/command/repo/rm.h
Examining data/pgbackrest-2.30/src/command/restore/file.c
Examining data/pgbackrest-2.30/src/command/restore/file.h
Examining data/pgbackrest-2.30/src/command/restore/protocol.c
Examining data/pgbackrest-2.30/src/command/restore/protocol.h
Examining data/pgbackrest-2.30/src/command/restore/restore.c
Examining data/pgbackrest-2.30/src/command/restore/restore.h
Examining data/pgbackrest-2.30/src/command/stanza/common.c
Examining data/pgbackrest-2.30/src/command/stanza/common.h
Examining data/pgbackrest-2.30/src/command/stanza/create.c
Examining data/pgbackrest-2.30/src/command/stanza/create.h
Examining data/pgbackrest-2.30/src/command/stanza/delete.c
Examining data/pgbackrest-2.30/src/command/stanza/delete.h
Examining data/pgbackrest-2.30/src/command/stanza/upgrade.c
Examining data/pgbackrest-2.30/src/command/stanza/upgrade.h
Examining data/pgbackrest-2.30/src/command/verify/file.c
Examining data/pgbackrest-2.30/src/command/verify/file.h
Examining data/pgbackrest-2.30/src/command/verify/protocol.c
Examining data/pgbackrest-2.30/src/command/verify/protocol.h
Examining data/pgbackrest-2.30/src/command/verify/verify.c
Examining data/pgbackrest-2.30/src/command/verify/verify.h
Examining data/pgbackrest-2.30/src/common/assert.h
Examining data/pgbackrest-2.30/src/common/compress/bz2/common.c
Examining data/pgbackrest-2.30/src/common/compress/bz2/common.h
Examining data/pgbackrest-2.30/src/common/compress/bz2/compress.c
Examining data/pgbackrest-2.30/src/common/compress/bz2/compress.h
Examining data/pgbackrest-2.30/src/common/compress/bz2/decompress.c
Examining data/pgbackrest-2.30/src/common/compress/bz2/decompress.h
Examining data/pgbackrest-2.30/src/common/compress/gz/common.c
Examining data/pgbackrest-2.30/src/common/compress/gz/common.h
Examining data/pgbackrest-2.30/src/common/compress/gz/compress.c
Examining data/pgbackrest-2.30/src/common/compress/gz/compress.h
Examining data/pgbackrest-2.30/src/common/compress/gz/decompress.c
Examining data/pgbackrest-2.30/src/common/compress/gz/decompress.h
Examining data/pgbackrest-2.30/src/common/compress/helper.c
Examining data/pgbackrest-2.30/src/common/compress/helper.h
Examining data/pgbackrest-2.30/src/common/compress/helper.intern.h
Examining data/pgbackrest-2.30/src/common/compress/lz4/common.c
Examining data/pgbackrest-2.30/src/common/compress/lz4/common.h
Examining data/pgbackrest-2.30/src/common/compress/lz4/compress.c
Examining data/pgbackrest-2.30/src/common/compress/lz4/compress.h
Examining data/pgbackrest-2.30/src/common/compress/lz4/decompress.c
Examining data/pgbackrest-2.30/src/common/compress/lz4/decompress.h
Examining data/pgbackrest-2.30/src/common/compress/zst/common.c
Examining data/pgbackrest-2.30/src/common/compress/zst/common.h
Examining data/pgbackrest-2.30/src/common/compress/zst/compress.c
Examining data/pgbackrest-2.30/src/common/compress/zst/compress.h
Examining data/pgbackrest-2.30/src/common/compress/zst/decompress.c
Examining data/pgbackrest-2.30/src/common/compress/zst/decompress.h
Examining data/pgbackrest-2.30/src/common/crypto/cipherBlock.c
Examining data/pgbackrest-2.30/src/common/crypto/cipherBlock.h
Examining data/pgbackrest-2.30/src/common/crypto/common.c
Examining data/pgbackrest-2.30/src/common/crypto/common.h
Examining data/pgbackrest-2.30/src/common/crypto/hash.c
Examining data/pgbackrest-2.30/src/common/crypto/hash.h
Examining data/pgbackrest-2.30/src/common/crypto/md5.vendor.c
Examining data/pgbackrest-2.30/src/common/debug.c
Examining data/pgbackrest-2.30/src/common/debug.h
Examining data/pgbackrest-2.30/src/common/encode.c
Examining data/pgbackrest-2.30/src/common/encode.h
Examining data/pgbackrest-2.30/src/common/encode/base64.c
Examining data/pgbackrest-2.30/src/common/encode/base64.h
Examining data/pgbackrest-2.30/src/common/error.auto.c
Examining data/pgbackrest-2.30/src/common/error.auto.h
Examining data/pgbackrest-2.30/src/common/error.c
Examining data/pgbackrest-2.30/src/common/error.h
Examining data/pgbackrest-2.30/src/common/exec.c
Examining data/pgbackrest-2.30/src/common/exec.h
Examining data/pgbackrest-2.30/src/common/exit.c
Examining data/pgbackrest-2.30/src/common/exit.h
Examining data/pgbackrest-2.30/src/common/fork.c
Examining data/pgbackrest-2.30/src/common/fork.h
Examining data/pgbackrest-2.30/src/common/ini.c
Examining data/pgbackrest-2.30/src/common/ini.h
Examining data/pgbackrest-2.30/src/common/io/bufferRead.c
Examining data/pgbackrest-2.30/src/common/io/bufferRead.h
Examining data/pgbackrest-2.30/src/common/io/bufferWrite.c
Examining data/pgbackrest-2.30/src/common/io/bufferWrite.h
Examining data/pgbackrest-2.30/src/common/io/client.c
Examining data/pgbackrest-2.30/src/common/io/client.h
Examining data/pgbackrest-2.30/src/common/io/client.intern.h
Examining data/pgbackrest-2.30/src/common/io/fd.c
Examining data/pgbackrest-2.30/src/common/io/fd.h
Examining data/pgbackrest-2.30/src/common/io/fdRead.c
Examining data/pgbackrest-2.30/src/common/io/fdRead.h
Examining data/pgbackrest-2.30/src/common/io/fdWrite.c
Examining data/pgbackrest-2.30/src/common/io/fdWrite.h
Examining data/pgbackrest-2.30/src/common/io/filter/buffer.c
Examining data/pgbackrest-2.30/src/common/io/filter/buffer.h
Examining data/pgbackrest-2.30/src/common/io/filter/filter.c
Examining data/pgbackrest-2.30/src/common/io/filter/filter.h
Examining data/pgbackrest-2.30/src/common/io/filter/filter.intern.h
Examining data/pgbackrest-2.30/src/common/io/filter/group.c
Examining data/pgbackrest-2.30/src/common/io/filter/group.h
Examining data/pgbackrest-2.30/src/common/io/filter/sink.c
Examining data/pgbackrest-2.30/src/common/io/filter/sink.h
Examining data/pgbackrest-2.30/src/common/io/filter/size.c
Examining data/pgbackrest-2.30/src/common/io/filter/size.h
Examining data/pgbackrest-2.30/src/common/io/http/client.c
Examining data/pgbackrest-2.30/src/common/io/http/client.h
Examining data/pgbackrest-2.30/src/common/io/http/common.c
Examining data/pgbackrest-2.30/src/common/io/http/common.h
Examining data/pgbackrest-2.30/src/common/io/http/header.c
Examining data/pgbackrest-2.30/src/common/io/http/header.h
Examining data/pgbackrest-2.30/src/common/io/http/query.c
Examining data/pgbackrest-2.30/src/common/io/http/query.h
Examining data/pgbackrest-2.30/src/common/io/http/request.c
Examining data/pgbackrest-2.30/src/common/io/http/request.h
Examining data/pgbackrest-2.30/src/common/io/http/response.c
Examining data/pgbackrest-2.30/src/common/io/http/response.h
Examining data/pgbackrest-2.30/src/common/io/http/session.c
Examining data/pgbackrest-2.30/src/common/io/http/session.h
Examining data/pgbackrest-2.30/src/common/io/io.c
Examining data/pgbackrest-2.30/src/common/io/io.h
Examining data/pgbackrest-2.30/src/common/io/read.c
Examining data/pgbackrest-2.30/src/common/io/read.h
Examining data/pgbackrest-2.30/src/common/io/read.intern.h
Examining data/pgbackrest-2.30/src/common/io/session.c
Examining data/pgbackrest-2.30/src/common/io/session.h
Examining data/pgbackrest-2.30/src/common/io/session.intern.h
Examining data/pgbackrest-2.30/src/common/io/socket/client.c
Examining data/pgbackrest-2.30/src/common/io/socket/client.h
Examining data/pgbackrest-2.30/src/common/io/socket/common.c
Examining data/pgbackrest-2.30/src/common/io/socket/common.h
Examining data/pgbackrest-2.30/src/common/io/socket/session.c
Examining data/pgbackrest-2.30/src/common/io/socket/session.h
Examining data/pgbackrest-2.30/src/common/io/tls/client.c
Examining data/pgbackrest-2.30/src/common/io/tls/client.h
Examining data/pgbackrest-2.30/src/common/io/tls/session.c
Examining data/pgbackrest-2.30/src/common/io/tls/session.h
Examining data/pgbackrest-2.30/src/common/io/write.c
Examining data/pgbackrest-2.30/src/common/io/write.h
Examining data/pgbackrest-2.30/src/common/io/write.intern.h
Examining data/pgbackrest-2.30/src/common/lock.c
Examining data/pgbackrest-2.30/src/common/lock.h
Examining data/pgbackrest-2.30/src/common/log.c
Examining data/pgbackrest-2.30/src/common/log.h
Examining data/pgbackrest-2.30/src/common/logLevel.h
Examining data/pgbackrest-2.30/src/common/macro.h
Examining data/pgbackrest-2.30/src/common/memContext.c
Examining data/pgbackrest-2.30/src/common/memContext.h
Examining data/pgbackrest-2.30/src/common/regExp.c
Examining data/pgbackrest-2.30/src/common/regExp.h
Examining data/pgbackrest-2.30/src/common/stackTrace.c
Examining data/pgbackrest-2.30/src/common/stackTrace.h
Examining data/pgbackrest-2.30/src/common/stat.c
Examining data/pgbackrest-2.30/src/common/stat.h
Examining data/pgbackrest-2.30/src/common/time.c
Examining data/pgbackrest-2.30/src/common/time.h
Examining data/pgbackrest-2.30/src/common/type/buffer.c
Examining data/pgbackrest-2.30/src/common/type/convert.c
Examining data/pgbackrest-2.30/src/common/type/convert.h
Examining data/pgbackrest-2.30/src/common/type/json.c
Examining data/pgbackrest-2.30/src/common/type/json.h
Examining data/pgbackrest-2.30/src/common/type/keyValue.c
Examining data/pgbackrest-2.30/src/common/type/keyValue.h
Examining data/pgbackrest-2.30/src/common/type/list.c
Examining data/pgbackrest-2.30/src/common/type/list.h
Examining data/pgbackrest-2.30/src/common/type/mcv.c
Examining data/pgbackrest-2.30/src/common/type/mcv.h
Examining data/pgbackrest-2.30/src/common/type/object.h
Examining data/pgbackrest-2.30/src/common/type/param.h
Examining data/pgbackrest-2.30/src/common/type/string.c
Examining data/pgbackrest-2.30/src/common/type/stringList.c
Examining data/pgbackrest-2.30/src/common/type/stringList.h
Examining data/pgbackrest-2.30/src/common/type/stringz.h
Examining data/pgbackrest-2.30/src/common/type/variantList.c
Examining data/pgbackrest-2.30/src/common/type/variantList.h
Examining data/pgbackrest-2.30/src/common/type/xml.c
Examining data/pgbackrest-2.30/src/common/type/xml.h
Examining data/pgbackrest-2.30/src/common/type/buffer.h
Examining data/pgbackrest-2.30/src/common/type/string.h
Examining data/pgbackrest-2.30/src/common/type/variant.c
Examining data/pgbackrest-2.30/src/common/type/variant.h
Examining data/pgbackrest-2.30/src/common/user.c
Examining data/pgbackrest-2.30/src/common/user.h
Examining data/pgbackrest-2.30/src/common/wait.c
Examining data/pgbackrest-2.30/src/common/wait.h
Examining data/pgbackrest-2.30/src/config/config.auto.c
Examining data/pgbackrest-2.30/src/config/config.auto.h
Examining data/pgbackrest-2.30/src/config/config.c
Examining data/pgbackrest-2.30/src/config/config.h
Examining data/pgbackrest-2.30/src/config/define.auto.c
Examining data/pgbackrest-2.30/src/config/define.auto.h
Examining data/pgbackrest-2.30/src/config/define.c
Examining data/pgbackrest-2.30/src/config/define.h
Examining data/pgbackrest-2.30/src/config/exec.c
Examining data/pgbackrest-2.30/src/config/exec.h
Examining data/pgbackrest-2.30/src/config/load.c
Examining data/pgbackrest-2.30/src/config/load.h
Examining data/pgbackrest-2.30/src/config/parse.auto.c
Examining data/pgbackrest-2.30/src/config/parse.c
Examining data/pgbackrest-2.30/src/config/parse.h
Examining data/pgbackrest-2.30/src/config/protocol.c
Examining data/pgbackrest-2.30/src/config/protocol.h
Examining data/pgbackrest-2.30/src/db/db.c
Examining data/pgbackrest-2.30/src/db/db.h
Examining data/pgbackrest-2.30/src/db/helper.c
Examining data/pgbackrest-2.30/src/db/helper.h
Examining data/pgbackrest-2.30/src/db/protocol.c
Examining data/pgbackrest-2.30/src/db/protocol.h
Examining data/pgbackrest-2.30/src/info/info.c
Examining data/pgbackrest-2.30/src/info/info.h
Examining data/pgbackrest-2.30/src/info/infoArchive.c
Examining data/pgbackrest-2.30/src/info/infoArchive.h
Examining data/pgbackrest-2.30/src/info/infoBackup.c
Examining data/pgbackrest-2.30/src/info/infoBackup.h
Examining data/pgbackrest-2.30/src/info/infoPg.c
Examining data/pgbackrest-2.30/src/info/infoPg.h
Examining data/pgbackrest-2.30/src/info/manifest.c
Examining data/pgbackrest-2.30/src/info/manifest.h
Examining data/pgbackrest-2.30/src/main.c
Examining data/pgbackrest-2.30/src/postgres/client.c
Examining data/pgbackrest-2.30/src/postgres/client.h
Examining data/pgbackrest-2.30/src/postgres/interface.c
Examining data/pgbackrest-2.30/src/postgres/interface.h
Examining data/pgbackrest-2.30/src/postgres/interface/page.c
Examining data/pgbackrest-2.30/src/postgres/interface/pageChecksum.vendor.c
Examining data/pgbackrest-2.30/src/postgres/interface/static.vendor.h
Examining data/pgbackrest-2.30/src/postgres/interface/v083.c
Examining data/pgbackrest-2.30/src/postgres/interface/v084.c
Examining data/pgbackrest-2.30/src/postgres/interface/v090.c
Examining data/pgbackrest-2.30/src/postgres/interface/v091.c
Examining data/pgbackrest-2.30/src/postgres/interface/v092.c
Examining data/pgbackrest-2.30/src/postgres/interface/v093.c
Examining data/pgbackrest-2.30/src/postgres/interface/v094.c
Examining data/pgbackrest-2.30/src/postgres/interface/v095.c
Examining data/pgbackrest-2.30/src/postgres/interface/v096.c
Examining data/pgbackrest-2.30/src/postgres/interface/v100.c
Examining data/pgbackrest-2.30/src/postgres/interface/v110.c
Examining data/pgbackrest-2.30/src/postgres/interface/v120.c
Examining data/pgbackrest-2.30/src/postgres/interface/v130.c
Examining data/pgbackrest-2.30/src/postgres/interface/version.h
Examining data/pgbackrest-2.30/src/postgres/interface/version.intern.h
Examining data/pgbackrest-2.30/src/postgres/interface/version.vendor.h
Examining data/pgbackrest-2.30/src/postgres/version.h
Examining data/pgbackrest-2.30/src/protocol/client.c
Examining data/pgbackrest-2.30/src/protocol/client.h
Examining data/pgbackrest-2.30/src/protocol/command.c
Examining data/pgbackrest-2.30/src/protocol/command.h
Examining data/pgbackrest-2.30/src/protocol/helper.c
Examining data/pgbackrest-2.30/src/protocol/helper.h
Examining data/pgbackrest-2.30/src/protocol/parallel.c
Examining data/pgbackrest-2.30/src/protocol/parallel.h
Examining data/pgbackrest-2.30/src/protocol/parallelJob.c
Examining data/pgbackrest-2.30/src/protocol/parallelJob.h
Examining data/pgbackrest-2.30/src/protocol/server.c
Examining data/pgbackrest-2.30/src/protocol/server.h
Examining data/pgbackrest-2.30/src/storage/azure/read.c
Examining data/pgbackrest-2.30/src/storage/azure/read.h
Examining data/pgbackrest-2.30/src/storage/azure/storage.c
Examining data/pgbackrest-2.30/src/storage/azure/storage.h
Examining data/pgbackrest-2.30/src/storage/azure/storage.intern.h
Examining data/pgbackrest-2.30/src/storage/azure/write.c
Examining data/pgbackrest-2.30/src/storage/azure/write.h
Examining data/pgbackrest-2.30/src/storage/cifs/storage.c
Examining data/pgbackrest-2.30/src/storage/cifs/storage.h
Examining data/pgbackrest-2.30/src/storage/helper.c
Examining data/pgbackrest-2.30/src/storage/helper.h
Examining data/pgbackrest-2.30/src/storage/info.h
Examining data/pgbackrest-2.30/src/storage/posix/read.c
Examining data/pgbackrest-2.30/src/storage/posix/read.h
Examining data/pgbackrest-2.30/src/storage/posix/storage.c
Examining data/pgbackrest-2.30/src/storage/posix/storage.h
Examining data/pgbackrest-2.30/src/storage/posix/storage.intern.h
Examining data/pgbackrest-2.30/src/storage/posix/write.c
Examining data/pgbackrest-2.30/src/storage/posix/write.h
Examining data/pgbackrest-2.30/src/storage/read.c
Examining data/pgbackrest-2.30/src/storage/read.h
Examining data/pgbackrest-2.30/src/storage/read.intern.h
Examining data/pgbackrest-2.30/src/storage/remote/protocol.c
Examining data/pgbackrest-2.30/src/storage/remote/protocol.h
Examining data/pgbackrest-2.30/src/storage/remote/read.c
Examining data/pgbackrest-2.30/src/storage/remote/read.h
Examining data/pgbackrest-2.30/src/storage/remote/storage.c
Examining data/pgbackrest-2.30/src/storage/remote/storage.h
Examining data/pgbackrest-2.30/src/storage/remote/storage.intern.h
Examining data/pgbackrest-2.30/src/storage/remote/write.c
Examining data/pgbackrest-2.30/src/storage/remote/write.h
Examining data/pgbackrest-2.30/src/storage/s3/read.c
Examining data/pgbackrest-2.30/src/storage/s3/read.h
Examining data/pgbackrest-2.30/src/storage/s3/storage.c
Examining data/pgbackrest-2.30/src/storage/s3/storage.h
Examining data/pgbackrest-2.30/src/storage/s3/storage.intern.h
Examining data/pgbackrest-2.30/src/storage/s3/write.c
Examining data/pgbackrest-2.30/src/storage/s3/write.h
Examining data/pgbackrest-2.30/src/storage/storage.c
Examining data/pgbackrest-2.30/src/storage/storage.h
Examining data/pgbackrest-2.30/src/storage/storage.intern.h
Examining data/pgbackrest-2.30/src/storage/write.c
Examining data/pgbackrest-2.30/src/storage/write.h
Examining data/pgbackrest-2.30/src/storage/write.intern.h
Examining data/pgbackrest-2.30/src/version.h
Examining data/pgbackrest-2.30/test/src/common/harnessConfig.c
Examining data/pgbackrest-2.30/test/src/common/harnessConfig.h
Examining data/pgbackrest-2.30/test/src/common/harnessDebug.h
Examining data/pgbackrest-2.30/test/src/common/harnessFork.h
Examining data/pgbackrest-2.30/test/src/common/harnessInfo.c
Examining data/pgbackrest-2.30/test/src/common/harnessInfo.h
Examining data/pgbackrest-2.30/test/src/common/harnessLog.c
Examining data/pgbackrest-2.30/test/src/common/harnessLog.h
Examining data/pgbackrest-2.30/test/src/common/harnessPq.c
Examining data/pgbackrest-2.30/test/src/common/harnessPq.h
Examining data/pgbackrest-2.30/test/src/common/harnessServer.c
Examining data/pgbackrest-2.30/test/src/common/harnessServer.h
Examining data/pgbackrest-2.30/test/src/common/harnessStorage.c
Examining data/pgbackrest-2.30/test/src/common/harnessStorage.h
Examining data/pgbackrest-2.30/test/src/common/harnessTest.c
Examining data/pgbackrest-2.30/test/src/common/harnessTest.h
Examining data/pgbackrest-2.30/test/src/common/harnessTest.intern.h
Examining data/pgbackrest-2.30/test/src/module/command/archiveCommonTest.c
Examining data/pgbackrest-2.30/test/src/module/command/archiveGetTest.c
Examining data/pgbackrest-2.30/test/src/module/command/archivePushTest.c
Examining data/pgbackrest-2.30/test/src/module/command/backupCommonTest.c
Examining data/pgbackrest-2.30/test/src/module/command/backupTest.c
Examining data/pgbackrest-2.30/test/src/module/command/checkTest.c
Examining data/pgbackrest-2.30/test/src/module/command/commandTest.c
Examining data/pgbackrest-2.30/test/src/module/command/controlTest.c
Examining data/pgbackrest-2.30/test/src/module/command/expireTest.c
Examining data/pgbackrest-2.30/test/src/module/command/helpTest.c
Examining data/pgbackrest-2.30/test/src/module/command/infoTest.c
Examining data/pgbackrest-2.30/test/src/module/command/localTest.c
Examining data/pgbackrest-2.30/test/src/module/command/remoteTest.c
Examining data/pgbackrest-2.30/test/src/module/command/repoTest.c
Examining data/pgbackrest-2.30/test/src/module/command/restoreTest.c
Examining data/pgbackrest-2.30/test/src/module/command/stanzaTest.c
Examining data/pgbackrest-2.30/test/src/module/command/verifyTest.c
Examining data/pgbackrest-2.30/test/src/module/common/assertOffTest.c
Examining data/pgbackrest-2.30/test/src/module/common/assertOnTest.c
Examining data/pgbackrest-2.30/test/src/module/common/compressTest.c
Examining data/pgbackrest-2.30/test/src/module/common/cryptoTest.c
Examining data/pgbackrest-2.30/test/src/module/common/debugOffTest.c
Examining data/pgbackrest-2.30/test/src/module/common/debugOnTest.c
Examining data/pgbackrest-2.30/test/src/module/common/encodeTest.c
Examining data/pgbackrest-2.30/test/src/module/common/errorTest.c
Examining data/pgbackrest-2.30/test/src/module/common/execTest.c
Examining data/pgbackrest-2.30/test/src/module/common/exitTest.c
Examining data/pgbackrest-2.30/test/src/module/common/forkTest.c
Examining data/pgbackrest-2.30/test/src/module/common/iniTest.c
Examining data/pgbackrest-2.30/test/src/module/common/ioHttpTest.c
Examining data/pgbackrest-2.30/test/src/module/common/ioTest.c
Examining data/pgbackrest-2.30/test/src/module/common/ioTlsTest.c
Examining data/pgbackrest-2.30/test/src/module/common/lockTest.c
Examining data/pgbackrest-2.30/test/src/module/common/logTest.c
Examining data/pgbackrest-2.30/test/src/module/common/memContextTest.c
Examining data/pgbackrest-2.30/test/src/module/common/regExpTest.c
Examining data/pgbackrest-2.30/test/src/module/common/stackTraceTest.c
Examining data/pgbackrest-2.30/test/src/module/common/statTest.c
Examining data/pgbackrest-2.30/test/src/module/common/timeTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeBufferTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeJsonTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeKeyValueTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeListTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeMcvTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeObjectTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeStringTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeVariantTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typeXmlTest.c
Examining data/pgbackrest-2.30/test/src/module/common/typecTest.c
Examining data/pgbackrest-2.30/test/src/module/common/userTest.c
Examining data/pgbackrest-2.30/test/src/module/common/waitTest.c
Examining data/pgbackrest-2.30/test/src/module/config/configTest.c
Examining data/pgbackrest-2.30/test/src/module/config/defineTest.c
Examining data/pgbackrest-2.30/test/src/module/config/execTest.c
Examining data/pgbackrest-2.30/test/src/module/config/loadTest.c
Examining data/pgbackrest-2.30/test/src/module/config/parseTest.c
Examining data/pgbackrest-2.30/test/src/module/config/protocolTest.c
Examining data/pgbackrest-2.30/test/src/module/db/dbTest.c
Examining data/pgbackrest-2.30/test/src/module/info/infoArchiveTest.c
Examining data/pgbackrest-2.30/test/src/module/info/infoBackupTest.c
Examining data/pgbackrest-2.30/test/src/module/info/infoPgTest.c
Examining data/pgbackrest-2.30/test/src/module/info/infoTest.c
Examining data/pgbackrest-2.30/test/src/module/info/manifestTest.c
Examining data/pgbackrest-2.30/test/src/module/performance/storageTest.c
Examining data/pgbackrest-2.30/test/src/module/performance/typeTest.c
Examining data/pgbackrest-2.30/test/src/module/postgres/clientTest.c
Examining data/pgbackrest-2.30/test/src/module/postgres/interfaceTest.c
Examining data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c
Examining data/pgbackrest-2.30/test/src/module/storage/azureTest.c
Examining data/pgbackrest-2.30/test/src/module/storage/cifsTest.c
Examining data/pgbackrest-2.30/test/src/module/storage/posixTest.c
Examining data/pgbackrest-2.30/test/src/module/storage/remoteTest.c
Examining data/pgbackrest-2.30/test/src/module/storage/s3Test.c
Examining data/pgbackrest-2.30/test/src/test.c
FINAL RESULTS:
data/pgbackrest-2.30/src/command/restore/restore.c:744:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(strZ(pgPath), manifestMode) == -1, FileOwnerError, "unable to set mode for '%s'", strZ(pgPath));
data/pgbackrest-2.30/src/storage/posix/storage.c:109:44: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
(linkDestinationSize = readlink(strZ(file), linkDestination, sizeof(linkDestination) - 1)) == -1,
data/pgbackrest-2.30/src/storage/posix/write.c:117:13: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(strZ(this->nameTmp), updateUserId, updateGroupId) == -1, FileOwnerError, "unable to set ownership for '%s'",
data/pgbackrest-2.30/src/command/archive/common.c:260:13: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(strZ(strLstGet(commandExec, 0)), (char ** const)strLstPtr(commandExec)) == -1, ExecuteError,
data/pgbackrest-2.30/src/common/debug.c:17:26: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = (size_t)snprintf(buffer, bufferSize, NULL_Z);
data/pgbackrest-2.30/src/common/debug.c:31:26: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = (size_t)snprintf(buffer, bufferSize, NULL_Z);
data/pgbackrest-2.30/src/common/debug.c:42:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return (size_t)snprintf(buffer, bufferSize, string == NULL ? "%s" : "\"%s\"", string == NULL ? NULL_Z : string);
data/pgbackrest-2.30/src/common/error.c:380:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(messageBufferTemp, ERROR_MESSAGE_BUFFER_SIZE - 1, format, argument);
data/pgbackrest-2.30/src/common/error.c:421:34: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t messageSize = (size_t)vsnprintf(messageBufferTemp, ERROR_MESSAGE_BUFFER_SIZE - 1, format, argument);
data/pgbackrest-2.30/src/common/error.c:442:38: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t messageSize = (size_t)vsnprintf(messageBufferTemp, ERROR_MESSAGE_BUFFER_SIZE - 1, format, argument);
data/pgbackrest-2.30/src/common/error.h:303:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 6))) __attribute__((__noreturn__));
data/pgbackrest-2.30/src/common/error.h:313:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 6, 7))) __attribute__((__noreturn__));
data/pgbackrest-2.30/src/common/error.h:323:56: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char *format, ...) __attribute__((format(printf, 7, 8)));
data/pgbackrest-2.30/src/common/exec.c:337:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(strZ(this->command), (char ** const)strLstPtr(this->param));
data/pgbackrest-2.30/src/common/log.c:400:37: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result.bufferPos += (size_t)snprintf(logBuffer + result.bufferPos, sizeof(logBuffer) - result.bufferPos, DRY_RUN_PREFIX);
data/pgbackrest-2.30/src/common/log.c:536:34: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
logData.bufferPos += (size_t)vsnprintf(
data/pgbackrest-2.30/src/common/log.h:161:88: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char *functionName, int code, const char *format, ...) __attribute__((format(printf, 8, 9)));
data/pgbackrest-2.30/src/common/stackTrace.c:230:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->param + data->paramSize, paramName);
data/pgbackrest-2.30/src/common/stackTrace.c:298:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int result = vsnprintf(
data/pgbackrest-2.30/src/common/type/convert.c:262:29: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t result = (size_t)snprintf(buffer, bufferSize, "%" PRId64, value);
data/pgbackrest-2.30/src/common/type/convert.c:447:29: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t result = (size_t)snprintf(buffer, bufferSize, "%" PRIu64, value);
data/pgbackrest-2.30/src/common/type/string.c:92:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this->buffer, string);
data/pgbackrest-2.30/src/common/type/string.c:148:33: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t formatSize = (size_t)vsnprintf(NULL, 0, format, argumentList);
data/pgbackrest-2.30/src/common/type/string.c:158:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(this->buffer, this->size + 1, format, argumentList);
data/pgbackrest-2.30/src/common/type/string.c:327:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this->buffer + this->size, cat);
data/pgbackrest-2.30/src/common/type/string.c:398:31: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t sizeGrow = (size_t)vsnprintf(NULL, 0, format, argumentList);
data/pgbackrest-2.30/src/common/type/string.c:406:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(this->buffer + this->size, sizeGrow + 1, format, argumentList);
data/pgbackrest-2.30/src/common/type/string.h:68:66: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
String *strNewFmt(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/pgbackrest-2.30/src/common/type/string.h:97:80: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
String *strCatFmt(String *this, const char *format, ...) __attribute__((format(printf, 2, 3)));
data/pgbackrest-2.30/src/info/manifest.c:1039:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastRelationFileId, relationFileId);
data/pgbackrest-2.30/src/main.c:273:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PROJECT_NAME " " PROJECT_VERSION "\n");
data/pgbackrest-2.30/test/src/common/harnessServer.c:232:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("echo \"127.0.0.1 " HRN_SERVER_HOST "\" | sudo tee -a /etc/hosts > /dev/null") != 0)
data/pgbackrest-2.30/test/src/common/harnessTest.c:102:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testUserData, testUserTemp);
data/pgbackrest-2.30/test/src/common/harnessTest.c:117:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testGroupData, testGroupTemp);
data/pgbackrest-2.30/test/src/common/harnessTest.c:173:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buffer) != 0)
data/pgbackrest-2.30/test/src/common/harnessTest.c:183:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buffer) != 0)
data/pgbackrest-2.30/test/src/common/harnessTest.c:296:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(harnessReplaceKeyBuffer, string);
data/pgbackrest-2.30/test/src/common/harnessTest.c:385:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) == 2)
data/pgbackrest-2.30/test/src/common/harnessTest.c:586:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(actualZ, sizeof(actualZ), "%" PRId64, actual);
data/pgbackrest-2.30/test/src/common/harnessTest.c:587:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(expectedZ, sizeof(expectedZ), "%" PRId64, expected);
data/pgbackrest-2.30/test/src/common/harnessTest.c:656:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(actualZ, sizeof(actualZ), "%" PRIu64, actual);
data/pgbackrest-2.30/test/src/common/harnessTest.c:657:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(expectedZ, sizeof(expectedZ), "%" PRIu64, expected);
data/pgbackrest-2.30/test/src/common/harnessTest.c:676:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(actualZ, sizeof(actualZ), "%" PRIu64, actual);
data/pgbackrest-2.30/test/src/common/harnessTest.c:677:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(expectedZ, sizeof(expectedZ), "%" PRId64, expected);
data/pgbackrest-2.30/test/src/common/harnessTest.h:131:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(TEST_ERROR_FMT_buffer, sizeof(TEST_ERROR_FMT_buffer), __VA_ARGS__) >= (int)sizeof(TEST_ERROR_FMT_buffer)) \
data/pgbackrest-2.30/test/src/common/harnessTest.h:142:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(__VA_ARGS__); \
data/pgbackrest-2.30/test/src/common/harnessTest.h:280:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int TEST_SYSTEM_FMT_result = system(hrnReplaceKey(command)); \
data/pgbackrest-2.30/test/src/common/harnessTest.h:295:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(TEST_SYSTEM_FMT_buffer, sizeof(TEST_SYSTEM_FMT_buffer), __VA_ARGS__) >= (int)sizeof(TEST_SYSTEM_FMT_buffer)) \
data/pgbackrest-2.30/test/src/common/harnessTest.h:323:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(TEST_RESULT_LOG_FMT_buffer, sizeof(TEST_RESULT_LOG_FMT_buffer), __VA_ARGS__) >= \
data/pgbackrest-2.30/test/src/common/harnessTest.h:348:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format "\n", __VA_ARGS__); \
data/pgbackrest-2.30/test/src/common/harnessTest.h:367:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format "\n", __VA_ARGS__); \
data/pgbackrest-2.30/test/src/module/command/controlTest.c:92:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("chmod 444 %s", strZ(lockPath)))), 0, "change perms");
data/pgbackrest-2.30/test/src/module/command/controlTest.c:95:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("chmod 700 %s", strZ(lockPath)))), 0, "change perms");
data/pgbackrest-2.30/test/src/module/command/infoTest.c:292:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(
data/pgbackrest-2.30/test/src/module/command/infoTest.c:295:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(
data/pgbackrest-2.30/test/src/module/command/infoTest.c:301:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(
data/pgbackrest-2.30/test/src/module/command/repoTest.c:108:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT(system(strZ(strNewFmt("ln -s ../bbb %s/repo/link", testPath()))) == 0);
data/pgbackrest-2.30/test/src/module/command/repoTest.c:109:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT(system(strZ(strNewFmt("mkfifo %s/repo/pipe", testPath()))) == 0);
data/pgbackrest-2.30/test/src/module/common/ioTlsTest.c:244:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system( // {uncoverable_branch}
data/pgbackrest-2.30/test/src/module/common/lockTest.c:26:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("touch %s", strZ(archiveLock)))), 0, "touch lock file");
data/pgbackrest-2.30/test/src/module/common/lockTest.c:61:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("mkdir -p 750 %s", strZ(dirLock)))), 0, "create dirtest.lock dir");
data/pgbackrest-2.30/test/src/module/common/lockTest.c:69:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("mkdir -p 750 %s", strZ(strPath(noPermLock))))), 0, "create noperm dir");
data/pgbackrest-2.30/test/src/module/common/lockTest.c:70:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("chmod 000 %s", strZ(strPath(noPermLock))))), 0, "chmod noperm dir");
data/pgbackrest-2.30/test/src/module/config/parseTest.c:435:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(
data/pgbackrest-2.30/test/src/module/config/parseTest.c:470:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("rm -rf %s/" "*", strZ(configIncludePath)))), 0, "remove all include files");
data/pgbackrest-2.30/test/src/module/config/parseTest.c:491:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(strZ(strNewFmt("touch %s", strZ(strNewFmt("%s/empty.conf", strZ(configIncludePath)))))), 0,
data/pgbackrest-2.30/test/src/module/info/manifestTest.c:198:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("mkfifo -m 666 %s", strZ(specialFile)))), 0, "create pipe");
data/pgbackrest-2.30/test/src/module/postgres/clientTest.c:32:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("sudo pg_createcluster 11 test") != 0)
data/pgbackrest-2.30/test/src/module/postgres/clientTest.c:35:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("sudo pg_ctlcluster 11 test start") != 0)
data/pgbackrest-2.30/test/src/module/postgres/clientTest.c:38:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(strZ(strNewFmt("sudo -u postgres psql -c 'create user %s superuser'", testUser()))) != 0)
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:37:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( \
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:145:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("touch %s", strZ(fileExists)))), 0, "create exists file");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:151:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("rm %s", strZ(fileExists)))), 0, "remove exists file");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:159:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("touch %s", strZ(fileExists)))), 0, "create exists file");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:171:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("rm %s", strZ(fileExists)))), 0, "remove exists file");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:231:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("sudo chown 99999:99999 %s", strZ(fileName)))), 0, "set invalid user/group");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:251:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("ln -s /tmp %s", strZ(linkName)))), 0, "create link");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:277:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("mkfifo -m 666 %s", strZ(pipeName)))), 0, "create pipe");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:345:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT(system(strZ(strNewFmt("sudo chown 77777:77777 %s/pg/.include", testPath()))) == 0);
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:350:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT(system(strZ(strNewFmt("ln -s ../file %s/pg/link", testPath()))) == 0);
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:351:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT(system(strZ(strNewFmt("mkfifo -m 777 %s/pg/pipe", testPath()))) == 0);
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:379:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT(system(strZ(strNewFmt("sudo rmdir %s/pg/.include", testPath()))) == 0);
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:652:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("rm -rf %s/sub*", testPath()))), 0, "remove sub paths");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:671:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("sudo mkdir -p -m 700 %s", strZ(pathRemove2)))), 0, "create noperm paths");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:681:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("sudo chmod 777 %s", strZ(pathRemove1)))), 0, "top path can be removed");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:691:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(strZ(strNewFmt(
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:700:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("sudo chmod 777 %s", strZ(pathRemove2)))), 0, "bottom path can be removed");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:709:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("mkdir -p %s", strZ(pathRemove2)))), 0, "create subpaths");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:754:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("touch %s", strZ(fileName)))), 0, "create read file");
data/pgbackrest-2.30/test/src/module/storage/posixTest.c:894:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_RESULT_INT(system(strZ(strNewFmt("touch %s", strZ(fileExists)))), 0, "create exists file");
data/pgbackrest-2.30/src/config/parse.c:451:26: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((option = getopt_long((int)argListSize, (char **)argList, "-:", optionList, &optionListIdx)) != -1)
data/pgbackrest-2.30/src/command/archive/common.c:293:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int int1 = atoi(strZ(strLstGet(archiveSort1, 1)));
data/pgbackrest-2.30/src/command/archive/common.c:294:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int int2 = atoi(strZ(strLstGet(archiveSort2, 1)));
data/pgbackrest-2.30/src/command/archive/common.c:342:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currentWorkDir[4096];
data/pgbackrest-2.30/src/command/archive/common.c:352:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newWorkDir[4096];
data/pgbackrest-2.30/src/command/backup/backup.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16];
data/pgbackrest-2.30/src/command/backup/backup.c:978:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/pgbackrest-2.30/src/command/backup/backup.c:1824:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file.checksumSha1, strZ(strSubN(archiveFile, 25, 40)), HASH_TYPE_SHA1_SIZE_HEX + 1);
data/pgbackrest-2.30/src/command/control/stop.c:40:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open(strZ(stopFile), O_WRONLY | O_CREAT, STORAGE_MODE_FILE_DEFAULT)) == -1), FileOpenError,
data/pgbackrest-2.30/src/command/control/stop.c:63:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(strZ(lockFile), O_RDONLY, 0)) == -1)
data/pgbackrest-2.30/src/command/control/stop.c:79:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contents[64];
data/pgbackrest-2.30/src/command/info/info.c:603:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBufferStart[20];
data/pgbackrest-2.30/src/command/info/info.c:604:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBufferStop[20];
data/pgbackrest-2.30/src/command/restore/restore.c:1681:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char restoreTimestamp[20];
data/pgbackrest-2.30/src/command/stanza/common.c:29:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[48]; // 48 is the amount of entropy needed to get a 64 base key
data/pgbackrest-2.30/src/command/stanza/common.c:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cipherPassSubChar[64];
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:50:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[CIPHER_BLOCK_HEADER_SIZE]; // Buffer to hold partial header during decrypt
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:136:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destination, CIPHER_BLOCK_MAGIC, CIPHER_BLOCK_MAGIC_SIZE);
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:153:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->header + this->headerSize, source, CIPHER_BLOCK_HEADER_SIZE - this->headerSize);
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:168:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->header + this->headerSize, source, sourceSize);
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:180:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[EVP_MAX_KEY_LENGTH];
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:181:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char initVector[EVP_MAX_IV_LENGTH];
data/pgbackrest-2.30/src/common/crypto/cipherBlock.c:436:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(driver->pass, bufPtrConst(pass), driver->passSize);
data/pgbackrest-2.30/src/common/crypto/md5.vendor.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/pgbackrest-2.30/src/common/crypto/md5.vendor.c:242:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/pgbackrest-2.30/src/common/crypto/md5.vendor.c:246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/pgbackrest-2.30/src/common/crypto/md5.vendor.c:257:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/pgbackrest-2.30/src/common/debug.h:244:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX]; \
data/pgbackrest-2.30/src/common/error.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char messageBuffer[ERROR_MESSAGE_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/error.c:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char messageBufferTemp[ERROR_MESSAGE_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/error.c:89:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stackTraceBuffer[ERROR_MESSAGE_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/io/client.c:38:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ASSERT(interface->open != NULL);
data/pgbackrest-2.30/src/common/io/client.c:63:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FUNCTION_LOG_RETURN(IO_SESSION, this->interface->open(this->driver));
data/pgbackrest-2.30/src/common/io/client.intern.h:22:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
IoSession *(*open)(void *driver);
data/pgbackrest-2.30/src/common/io/read.c:82:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool result = this->interface.open != NULL ? this->interface.open(this->driver) : true;
data/pgbackrest-2.30/src/common/io/read.c:82:66: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool result = this->interface.open != NULL ? this->interface.open(this->driver) : true;
data/pgbackrest-2.30/src/common/io/read.intern.h:21:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool (*open)(void *driver);
data/pgbackrest-2.30/src/common/io/socket/client.c:101:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/io/write.c:78:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (this->interface.open != NULL)
data/pgbackrest-2.30/src/common/io/write.c:79:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->interface.open(this->driver);
data/pgbackrest-2.30/src/common/io/write.intern.h:16:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*open)(void *driver);
data/pgbackrest-2.30/src/common/lock.c:62:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((result = open(strZ(lockFile), O_WRONLY | O_CREAT, STORAGE_MODE_FILE_DEFAULT)) == -1)
data/pgbackrest-2.30/src/common/log.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logBuffer[LOG_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/log.c:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const logLevelList[LOG_LEVEL_TOTAL] =
data/pgbackrest-2.30/src/common/log.c:219:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logFdFile = open(logFile, O_CREAT | O_APPEND | O_WRONLY, 0640);
data/pgbackrest-2.30/src/common/regExp.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/pgbackrest-2.30/src/common/stackTrace.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char functionParamBuffer[32 * 1024]; // Buffer to hold function parameters
data/pgbackrest-2.30/src/common/type/buffer.c:84:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->buffer, buffer, this->size);
data/pgbackrest-2.30/src/common/type/buffer.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->buffer, buffer->buffer, this->size);
data/pgbackrest-2.30/src/common/type/buffer.c:147:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->buffer + this->used, cat + catOffset, catSize);
data/pgbackrest-2.30/src/common/type/json.c:614:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/json.c:627:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/json.c:640:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/json.c:653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/list.c:308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(itemPtr, item, this->itemSize);
data/pgbackrest-2.30/src/common/type/string.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->buffer, bufPtrConst(buffer), this->size);
data/pgbackrest-2.30/src/common/type/variant.c:1051:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/variant.c:1060:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/variant.c:1069:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/variant.c:1084:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/common/type/variant.c:1093:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working[CVT_BASE10_BUFFER_SIZE];
data/pgbackrest-2.30/src/config/define.c:337:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
FUNCTION_TEST_RETURN((char *)dataDefList[valueId]);
data/pgbackrest-2.30/src/config/define.c:449:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = (char *)dataDefList[0];
data/pgbackrest-2.30/src/config/define.c:502:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
FUNCTION_TEST_RETURN((char *)dataDefList[valueId]);
data/pgbackrest-2.30/src/config/define.c:563:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = (char *)dataDefList[0];
data/pgbackrest-2.30/src/config/define.c:596:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
FUNCTION_TEST_RETURN((char *)dataDefList[valueId]);
data/pgbackrest-2.30/src/config/define.c:643:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = (char *)dataDefList[0];
data/pgbackrest-2.30/src/config/define.c:745:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = (char *)dataDefList[0];
data/pgbackrest-2.30/src/info/manifest.c:248:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fileAdd.checksumSha1, file->checksumSha1, HASH_TYPE_SHA1_SIZE_HEX + 1);
data/pgbackrest-2.30/src/info/manifest.c:993:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastRelationFileId[21] = ""; // Large enough for a 64-bit unsigned integer
data/pgbackrest-2.30/src/info/manifest.c:1013:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char relationFileId[sizeof(lastRelationFileId)];
data/pgbackrest-2.30/src/info/manifest.c:1444:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file.checksumSha1, HASH_TYPE_SHA1_ZERO, HASH_TYPE_SHA1_SIZE_HEX + 1);
data/pgbackrest-2.30/src/info/manifest.c:1449:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file.checksumSha1, strZ(varStr(kvGet(fileKv, MANIFEST_KEY_CHECKSUM_VAR))), HASH_TYPE_SHA1_SIZE_HEX + 1);
data/pgbackrest-2.30/src/info/manifest.c:2626:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->checksumSha1, checksumSha1, HASH_TYPE_SHA1_SIZE_HEX + 1);
data/pgbackrest-2.30/src/info/manifest.h:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksumSha1[HASH_TYPE_SHA1_SIZE_HEX + 1]; // SHA1 checksum
data/pgbackrest-2.30/src/postgres/client.c:210:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[256];
data/pgbackrest-2.30/src/postgres/interface/pageChecksum.vendor.c:171:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sums, checksumBaseOffsets, sizeof(checksumBaseOffsets));
data/pgbackrest-2.30/src/postgres/interface/version.vendor.h:792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mock_authentication_nonce[MOCK_AUTH_NONCE_LEN];
data/pgbackrest-2.30/src/postgres/interface/version.vendor.h:932:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mock_authentication_nonce[MOCK_AUTH_NONCE_LEN];
data/pgbackrest-2.30/src/postgres/interface/version.vendor.h:1071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mock_authentication_nonce[MOCK_AUTH_NONCE_LEN];
data/pgbackrest-2.30/src/postgres/interface/version.vendor.h:1211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mock_authentication_nonce[MOCK_AUTH_NONCE_LEN];
data/pgbackrest-2.30/src/postgres/interface/version.vendor.h:2048:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lc_collate[LOCALE_NAME_BUFLEN];
data/pgbackrest-2.30/src/postgres/interface/version.vendor.h:2049:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lc_ctype[LOCALE_NAME_BUFLEN];
data/pgbackrest-2.30/src/storage/azure/storage.c:184:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authHmacBase64[45];
data/pgbackrest-2.30/src/storage/azure/storage.c:238:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5Hash[HASH_TYPE_MD5_SIZE_HEX];
data/pgbackrest-2.30/src/storage/posix/read.c:72:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->fd = open(strZ(this->interface.name), O_RDONLY, 0);
data/pgbackrest-2.30/src/storage/posix/storage.c:105:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkDestination[PATH_MAX];
data/pgbackrest-2.30/src/storage/posix/storage.c:496:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(strZ(path), O_RDONLY, 0);
data/pgbackrest-2.30/src/storage/posix/write.c:79:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->fd = open(strZ(this->nameTmp), FILE_OPEN_FLAGS, this->interface.modeFile);
data/pgbackrest-2.30/src/storage/posix/write.c:88:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->fd = open(strZ(this->nameTmp), FILE_OPEN_FLAGS, this->interface.modeFile);
data/pgbackrest-2.30/src/storage/s3/storage.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ISO_8601_DATE_TIME_SIZE + 1];
data/pgbackrest-2.30/src/storage/s3/storage.c:309:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5Hash[HASH_TYPE_MD5_SIZE_HEX];
data/pgbackrest-2.30/test/src/common/harnessLog.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logFile[1024];
data/pgbackrest-2.30/test/src/common/harnessLog.c:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char harnessLogBuffer[256 * 1024];
data/pgbackrest-2.30/test/src/common/harnessLog.c:60:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int result = open(logFile, flags, mode);
data/pgbackrest-2.30/test/src/common/harnessLog.c:335:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begin, strZ(replace), strSize(replace));
data/pgbackrest-2.30/test/src/common/harnessLog.c:402:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/pgbackrest-2.30/test/src/common/harnessPq.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char harnessPqScriptError[4096];
data/pgbackrest-2.30/test/src/common/harnessServer.c:401:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)strZ(actual))[actualIdx] = '?';
data/pgbackrest-2.30/test/src/common/harnessTest.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testUserIdData[32];
data/pgbackrest-2.30/test/src/common/harnessTest.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testUserData[64];
data/pgbackrest-2.30/test/src/common/harnessTest.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testGroupIdData[32];
data/pgbackrest-2.30/test/src/common/harnessTest.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testGroupData[64];
data/pgbackrest-2.30/test/src/common/harnessTest.c:170:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/pgbackrest-2.30/test/src/common/harnessTest.c:272:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begin, replace, strlen(replace));
data/pgbackrest-2.30/test/src/common/harnessTest.c:282:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char harnessReplaceKeyBuffer[256 * 1024];
data/pgbackrest-2.30/test/src/common/harnessTest.c:312:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int result = open(fileName, O_RDONLY, 0660);
data/pgbackrest-2.30/test/src/common/harnessTest.c:339:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int result = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0660);
data/pgbackrest-2.30/test/src/common/harnessTest.c:359:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char harnessDiffBuffer[256 * 1024];
data/pgbackrest-2.30/test/src/common/harnessTest.c:372:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedFile[1024];
data/pgbackrest-2.30/test/src/common/harnessTest.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualFile[1024];
data/pgbackrest-2.30/test/src/common/harnessTest.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[2560];
data/pgbackrest-2.30/test/src/common/harnessTest.c:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resultFile[1024];
data/pgbackrest-2.30/test/src/common/harnessTest.c:523:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:524:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:529:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
actual ? strcpy(actualZ, "true") : strcpy(actualZ, "false");
data/pgbackrest-2.30/test/src/common/harnessTest.c:529:48: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
actual ? strcpy(actualZ, "true") : strcpy(actualZ, "false");
data/pgbackrest-2.30/test/src/common/harnessTest.c:534:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
expected ? strcpy(expectedZ, "true") : strcpy(expectedZ, "false");
data/pgbackrest-2.30/test/src/common/harnessTest.c:534:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
expected ? strcpy(expectedZ, "true") : strcpy(expectedZ, "false");
data/pgbackrest-2.30/test/src/common/harnessTest.c:548:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:549:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:583:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:584:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:618:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:619:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:653:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:654:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:673:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.c:674:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedZ[256];
data/pgbackrest-2.30/test/src/common/harnessTest.h:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TEST_ERROR_FMT_buffer[8192]; \
data/pgbackrest-2.30/test/src/common/harnessTest.h:293:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TEST_SYSTEM_FMT_buffer[8192]; \
data/pgbackrest-2.30/test/src/common/harnessTest.h:321:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TEST_RESULT_LOG_FMT_buffer[65536]; \
data/pgbackrest-2.30/test/src/module/command/backupTest.c:1665:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(
data/pgbackrest-2.30/test/src/module/command/controlTest.c:158:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int lockFd = open(strZ(strNewFmt("%s/empty" LOCK_FILE_EXT, strZ(lockPath))), O_RDONLY, 0);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:215:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int lockFd = open(strZ(strNewFmt("%s/empty" LOCK_FILE_EXT, strZ(lockPath))), O_RDONLY, 0);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:315:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int lockFd = open(strZ(strNewFmt("%s/badpid" LOCK_FILE_EXT, strZ(lockPath))), O_RDONLY, 0);
data/pgbackrest-2.30/test/src/module/command/restoreTest.c:484:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuffer[20];
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:59:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[256] = {0};
data/pgbackrest-2.30/test/src/module/common/debugOnTest.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char destinationEncode[256];
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:47:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char destinationDecode[256];
data/pgbackrest-2.30/test/src/module/common/errorTest.c:125:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigMessage[sizeof(messageBuffer) * 32];
data/pgbackrest-2.30/test/src/module/common/forkTest.c:23:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/pgbackrest-2.30/test/src/module/common/ioTest.c:613:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(strZ(fileName), O_CREAT | O_TRUNC | O_WRONLY, 0700);
data/pgbackrest-2.30/test/src/module/common/logTest.c:23:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int result = open(logFile, flags, mode);
data/pgbackrest-2.30/test/src/module/common/logTest.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actual[32768];
data/pgbackrest-2.30/test/src/module/common/logTest.c:188:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stdoutFile[1024];
data/pgbackrest-2.30/test/src/module/common/logTest.c:192:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stderrFile[1024];
data/pgbackrest-2.30/test/src/module/common/logTest.c:223:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileFile[1024];
data/pgbackrest-2.30/test/src/module/common/stackTraceTest.c:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8];
data/pgbackrest-2.30/test/src/module/common/stackTraceTest.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:30:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:41:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:106:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:119:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeConvertTest.c:189:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STACK_TRACE_PARAM_MAX];
data/pgbackrest-2.30/test/src/module/common/typeStringTest.c:42:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufPtr(buffer), "12345678", 8);
data/pgbackrest-2.30/test/src/module/common/typeStringTest.c:256:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:241:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufPtr(input) + (blockIdx * bufSize(block)), bufPtr(block), bufSize(block));
data/pgbackrest-2.30/test/src/module/postgres/interfaceTest.c:189:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char page[PG_PAGE_SIZE_DEFAULT];
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:76:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5Hash[HASH_TYPE_MD5_SIZE_HEX];
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5Hash[HASH_TYPE_MD5_SIZE_HEX];
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[21];
data/pgbackrest-2.30/src/command/archive/common.c:133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(linefeedPtr + 1) == 0)
data/pgbackrest-2.30/src/command/archive/push/file.c:73:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/src/command/archive/push/file.c:74:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadDrain(read);
data/pgbackrest-2.30/src/command/archive/push/file.c:76:93: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const String *walSegmentChecksum = varStr(ioFilterGroupResult(ioReadFilterGroup(read), CRYPTO_HASH_FILTER_TYPE_STR));
data/pgbackrest-2.30/src/command/backup/backup.c:1774:82: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoFilterGroup *filterGroup = ioReadFilterGroup(storageReadIo(read));
data/pgbackrest-2.30/src/command/backup/backup.c:1804:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read,
data/pgbackrest-2.30/src/command/backup/file.c:94:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/src/command/backup/file.c:95:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), ioSizeNew());
data/pgbackrest-2.30/src/command/backup/file.c:98:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (ioReadDrain(read))
data/pgbackrest-2.30/src/command/backup/file.c:101:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupResult(ioReadFilterGroup(read), CRYPTO_HASH_FILTER_TYPE_STR));
data/pgbackrest-2.30/src/command/backup/file.c:102:96: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint64_t pgTestSize = varUInt64Force(ioFilterGroupResult(ioReadFilterGroup(read), SIZE_FILTER_TYPE_STR));
data/pgbackrest-2.30/src/command/backup/file.c:150:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(read), cipherBlockNew(cipherModeDecrypt, cipherType, BUFSTR(cipherPass), NULL));
data/pgbackrest-2.30/src/command/backup/file.c:155:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), decompressFilter(repoFileCompressType));
data/pgbackrest-2.30/src/command/backup/file.c:157:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/src/command/backup/file.c:158:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), ioSizeNew());
data/pgbackrest-2.30/src/command/backup/file.c:160:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadDrain(read);
data/pgbackrest-2.30/src/command/backup/file.c:164:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupResult(ioReadFilterGroup(read), CRYPTO_HASH_FILTER_TYPE_STR));
data/pgbackrest-2.30/src/command/backup/file.c:165:100: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint64_t pgTestSize = varUInt64Force(ioFilterGroupResult(ioReadFilterGroup(read), SIZE_FILTER_TYPE_STR));
data/pgbackrest-2.30/src/command/backup/file.c:204:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(storageReadIo(read)), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/src/command/backup/file.c:205:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(storageReadIo(read)), ioSizeNew());
data/pgbackrest-2.30/src/command/backup/file.c:211:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(storageReadIo(read)), pageChecksumNew(segmentNumber(pgFile), PG_SEGMENT_PAGE_DEFAULT,
data/pgbackrest-2.30/src/command/backup/file.c:219:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(storageReadIo(read)), compressFilter(repoFileCompressType, repoFileCompressLevel));
data/pgbackrest-2.30/src/command/backup/file.c:227:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
storageReadIo(read)), cipherBlockNew(cipherModeEncrypt, cipherType, BUFSTR(cipherPass), NULL));
data/pgbackrest-2.30/src/command/backup/file.c:235:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (storageCopy(read, write))
data/pgbackrest-2.30/src/command/backup/file.c:241:77: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupResult(ioReadFilterGroup(storageReadIo(read)), SIZE_FILTER_TYPE_STR));
data/pgbackrest-2.30/src/command/backup/file.c:243:84: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
varStr(ioFilterGroupResult(ioReadFilterGroup(storageReadIo(read)), CRYPTO_HASH_FILTER_TYPE_STR)));
data/pgbackrest-2.30/src/command/backup/file.c:251:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
varKv(ioFilterGroupResult(ioReadFilterGroup(storageReadIo(read)), PAGE_CHECKSUM_FILTER_TYPE_STR)));
data/pgbackrest-2.30/src/command/control/stop.c:80:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t actualBytes = read(fd, contents, sizeof(contents));
data/pgbackrest-2.30/src/command/help/help.c:171:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfgCommandName(commandId)) > commandSizeMax)
data/pgbackrest-2.30/src/command/help/help.c:172:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commandSizeMax = strlen(cfgCommandName(commandId));
data/pgbackrest-2.30/src/command/help/help.c:183:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)(commandSizeMax - strlen(cfgCommandName(commandId)) + 2), "",
data/pgbackrest-2.30/src/command/help/help.c:238:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfgDefOptionName(optionDefId)) > optionSizeMax)
data/pgbackrest-2.30/src/command/help/help.c:239:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optionSizeMax = strlen(cfgDefOptionName(optionDefId));
data/pgbackrest-2.30/src/command/help/help.c:263:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cfgDefOptionHelpSummary(commandDefId, optionDefId)) - 1));
data/pgbackrest-2.30/src/command/help/help.c:293:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfgDefOptionName(optionDefId), (int)(optionSizeMax - strlen(cfgDefOptionName(optionDefId)) + 2), "",
data/pgbackrest-2.30/src/command/local/local.c:35:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/src/command/local/local.c:39:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolServer *server = protocolServerNew(name, PROTOCOL_SERVICE_LOCAL_STR, read, write);
data/pgbackrest-2.30/src/command/remote/remote.c:30:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/src/command/remote/remote.c:34:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolServer *server = protocolServerNew(name, PROTOCOL_SERVICE_REMOTE_STR, read, write);
data/pgbackrest-2.30/src/command/remote/remote.c:47:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/src/command/restore/file.c:86:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/src/command/restore/file.c:87:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadDrain(read);
data/pgbackrest-2.30/src/command/restore/file.c:93:94: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pgFileChecksum, varStr(ioFilterGroupResult(ioReadFilterGroup(read), CRYPTO_HASH_FILTER_TYPE_STR))))
data/pgbackrest-2.30/src/command/verify/file.c:39:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoFilterGroup *filterGroup = ioReadFilterGroup(read);
data/pgbackrest-2.30/src/command/verify/file.c:59:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (ioReadDrain(read))
data/pgbackrest-2.30/src/command/verify/file.c:67:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (fileSize != varUInt64Force(ioFilterGroupResult(ioReadFilterGroup(read), SIZE_FILTER_TYPE_STR)))
data/pgbackrest-2.30/src/command/verify/verify.c:118:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(read), cipherType(cfgOptionStr(cfgOptRepoCipherType)), cipherModeDecrypt, cipherPass);
data/pgbackrest-2.30/src/command/verify/verify.c:119:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/src/command/verify/verify.c:123:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), decompressFilter(compressTypeFromName(pathFileName)));
data/pgbackrest-2.30/src/common/encode/base64.c:127:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int sourceIdx = 0; sourceIdx < strlen(source); sourceIdx += 4)
data/pgbackrest-2.30/src/common/encode/base64.c:163:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sourceSize = strlen(source);
data/pgbackrest-2.30/src/common/encode/base64.c:188:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sourceSize = strlen(source);
data/pgbackrest-2.30/src/common/error.c:355:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(messageBuffer, message, sizeof(messageBuffer));
data/pgbackrest-2.30/src/common/error.c:394:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(messageBufferTemp, message, ERROR_MESSAGE_BUFFER_SIZE - 1);
data/pgbackrest-2.30/src/common/exec.c:217:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = ioReadInterface(this->ioReadFd)->read(ioReadDriver(this->ioReadFd), buffer, block);
data/pgbackrest-2.30/src/common/ini.c:335:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoRead *read,
data/pgbackrest-2.30/src/common/ini.c:340:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/common/ini.c:345:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/common/ini.c:357:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/src/common/ini.c:361:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const String *line = strTrim(ioReadLineParam(read, true));
data/pgbackrest-2.30/src/common/ini.c:443:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!ioReadEof(read));
data/pgbackrest-2.30/src/common/ini.c:445:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadClose(read);
data/pgbackrest-2.30/src/common/ini.h:67:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoRead *read,
data/pgbackrest-2.30/src/common/io/bufferRead.c:19:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const Buffer *read; // Buffer to read data from
data/pgbackrest-2.30/src/common/io/bufferRead.c:55:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
actualBytes = bufUsed(this->read) - this->readPos;
data/pgbackrest-2.30/src/common/io/bufferRead.c:63:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufCatSub(buffer, this->read, this->readPos, actualBytes);
data/pgbackrest-2.30/src/common/io/fd.c:62:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdReady(int fd, bool read, bool write, TimeMSec timeout)
data/pgbackrest-2.30/src/common/io/fd.c:66:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(BOOL, read);
data/pgbackrest-2.30/src/common/io/fd.c:72:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read || write);
data/pgbackrest-2.30/src/common/io/fd.c:78:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/pgbackrest-2.30/src/common/io/fd.h:13:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool fdReady(int fd, bool read, bool write, TimeMSec timeout);
data/pgbackrest-2.30/src/common/io/fdRead.c:97:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(actualBytes = read(this->fd, bufRemainsPtr(buffer), bufRemains(buffer))) == -1, FileReadError,
data/pgbackrest-2.30/src/common/io/io.c:67:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadBuf(IoRead *read)
data/pgbackrest-2.30/src/common/io/io.c:70:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_TEST_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/common/io/io.c:73:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/common/io/io.c:85:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioRead(read, result);
data/pgbackrest-2.30/src/common/io/io.c:87:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!ioReadEof(read));
data/pgbackrest-2.30/src/common/io/io.c:100:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadDrain(IoRead *read)
data/pgbackrest-2.30/src/common/io/io.c:103:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_TEST_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/common/io/io.c:106:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/common/io/io.c:109:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), ioSinkNew());
data/pgbackrest-2.30/src/common/io/io.c:112:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool result = ioReadOpen(read);
data/pgbackrest-2.30/src/common/io/io.c:119:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioRead(read, bufNew(1));
data/pgbackrest-2.30/src/common/io/io.c:120:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(ioReadEof(read));
data/pgbackrest-2.30/src/common/io/io.c:123:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadClose(read);
data/pgbackrest-2.30/src/common/io/io.h:18:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Buffer *ioReadBuf(IoRead *read);
data/pgbackrest-2.30/src/common/io/io.h:21:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ioReadDrain(IoRead *read);
data/pgbackrest-2.30/src/common/io/read.c:47:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(interface.read != NULL);
data/pgbackrest-2.30/src/common/io/read.c:151:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
this->interface.read(this->driver, this->input, block);
data/pgbackrest-2.30/src/common/io/read.intern.h:23:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t (*read)(void *driver, Buffer *buffer, bool block);
data/pgbackrest-2.30/src/common/io/socket/session.c:32:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoRead *read; // IoRead interface to the file descriptor
data/pgbackrest-2.30/src/common/io/socket/session.c:114:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_TEST_RETURN(this->read);
data/pgbackrest-2.30/src/common/io/socket/session.c:196:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(driver->read);
data/pgbackrest-2.30/src/common/io/tls/client.c:121:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(strZ(name)) != strSize(name))
data/pgbackrest-2.30/src/common/io/tls/session.c:34:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoRead *read; // Read interface
data/pgbackrest-2.30/src/common/io/tls/session.c:305:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_TEST_RETURN(this->read);
data/pgbackrest-2.30/src/common/io/tls/session.c:399:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(driver->read);
data/pgbackrest-2.30/src/common/log.c:389:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result.logBufferStdErr = logBuffer + result.bufferPos - strlen(logLevelStr(logLevel)) - 2;
data/pgbackrest-2.30/src/common/log.c:413:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logBuffer + result.bufferPos, LOG_BUFFER_SIZE - result.bufferPos, "%.*s::%s: ", (int)strlen(fileName) - 2, fileName,
data/pgbackrest-2.30/src/common/log.c:470:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logWrite(logFdFile, banner, strlen(banner), "banner to file");
data/pgbackrest-2.30/src/common/log.c:504:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(logBuffer + logData.bufferPos, message, sizeof(logBuffer) - logData.bufferPos);
data/pgbackrest-2.30/src/common/log.c:506:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logData.bufferPos += strlen(logBuffer + logData.bufferPos);
data/pgbackrest-2.30/src/common/stackTrace.c:207:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t paramNameSize = strlen(paramName);
data/pgbackrest-2.30/src/common/stackTrace.c:323:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer, bufferSize, 0, "%.*s:%s:%u:(%s)", (int)(strlen(fileName) - 2), fileName, functionName, fileLine, param);
data/pgbackrest-2.30/src/common/stackTrace.c:338:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer, bufferSize, result, "\n%.*s:%s", (int)(strlen(data->fileName) - 2), data->fileName, data->functionName);
data/pgbackrest-2.30/src/common/type/buffer.h:158:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF((unsigned char *)stringz, strlen(stringz))
data/pgbackrest-2.30/src/common/type/convert.c:158:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(buffer) >= 8);
data/pgbackrest-2.30/src/common/type/convert.c:163:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = buffer + strlen(buffer) - 1;
data/pgbackrest-2.30/src/common/type/string.c:75:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t stringSize = strlen(string);
data/pgbackrest-2.30/src/common/type/string.c:189:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->buffer, string, this->size);
data/pgbackrest-2.30/src/common/type/string.c:253:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int beginsWithSize = (unsigned int)strlen(beginsWith);
data/pgbackrest-2.30/src/common/type/string.c:321:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sizeGrow = strlen(cat);
data/pgbackrest-2.30/src/common/type/string.c:350:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->buffer + this->size, cat, size);
data/pgbackrest-2.30/src/common/type/string.c:502:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int endsWithSize = (unsigned int)strlen(endsWith);
data/pgbackrest-2.30/src/common/type/string.h:196:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((const String *)&(const StringConst){.buffer = (char *)(bufferParam), .size = (unsigned int)strlen(bufferParam)})
data/pgbackrest-2.30/src/common/type/stringList.c:104:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringBase = stringMatch + strlen(delimiter);
data/pgbackrest-2.30/src/common/type/stringList.c:168:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringMatch = stringMatchLast - strlen(delimiter);
data/pgbackrest-2.30/src/common/type/stringList.c:171:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringBase = stringMatch + strlen(delimiter);
data/pgbackrest-2.30/src/common/type/stringList.c:175:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringMatchLast = stringMatch + strlen(delimiter);
data/pgbackrest-2.30/src/common/type/stringList.c:180:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stringMatchLast != NULL && strlen(stringBase) - strlen(delimiter) >= size)
data/pgbackrest-2.30/src/common/type/stringList.c:180:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stringMatchLast != NULL && strlen(stringBase) - strlen(delimiter) >= size)
data/pgbackrest-2.30/src/common/type/stringList.c:182:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strLstAddInternal(this, strNewN(stringBase, (size_t)((stringMatchLast - strlen(delimiter)) - stringBase)));
data/pgbackrest-2.30/src/common/type/xml.c:468:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(string) > 0);
data/pgbackrest-2.30/src/common/type/xml.c:470:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FUNCTION_TEST_RETURN(xmlDocumentNewC((const unsigned char *)string, strlen(string)));
data/pgbackrest-2.30/src/config/load.c:339:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0000);
data/pgbackrest-2.30/src/info/info.c:261:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
infoNewLoad(IoRead *read, InfoLoadNewCallback *callbackFunction, void *callbackData)
data/pgbackrest-2.30/src/info/info.c:264:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/info/info.c:269:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/info/info.c:295:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
iniLoad(read, infoLoadCallback, &data);
data/pgbackrest-2.30/src/info/info.h:46:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Info *infoNewLoad(IoRead *read, InfoLoadNewCallback *callbackFunction, void *callbackData);
data/pgbackrest-2.30/src/info/infoArchive.c:88:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
infoArchiveNewLoad(IoRead *read)
data/pgbackrest-2.30/src/info/infoArchive.c:91:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/info/infoArchive.c:94:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/info/infoArchive.c:101:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
this->infoPg = infoPgNewLoad(read, infoPgArchive, NULL, NULL);
data/pgbackrest-2.30/src/info/infoArchive.c:275:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cipherBlockFilterGroupAdd(ioReadFilterGroup(read), loadData->cipherType, cipherModeDecrypt, loadData->cipherPass);
data/pgbackrest-2.30/src/info/infoArchive.c:279:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
loadData->infoArchive = infoArchiveNewLoad(read);
data/pgbackrest-2.30/src/info/infoArchive.h:37:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
InfoArchive *infoArchiveNewLoad(IoRead *read);
data/pgbackrest-2.30/src/info/infoBackup.c:189:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
infoBackupNewLoad(IoRead *read)
data/pgbackrest-2.30/src/info/infoBackup.c:192:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/info/infoBackup.c:195:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/info/infoBackup.c:202:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
this->infoPg = infoPgNewLoad(read, infoPgBackup, infoBackupLoadCallback, this);
data/pgbackrest-2.30/src/info/infoBackup.c:590:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cipherBlockFilterGroupAdd(ioReadFilterGroup(read), loadData->cipherType, cipherModeDecrypt, loadData->cipherPass);
data/pgbackrest-2.30/src/info/infoBackup.c:594:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
loadData->infoBackup = infoBackupNewLoad(read);
data/pgbackrest-2.30/src/info/infoBackup.h:66:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
InfoBackup *infoBackupNewLoad(IoRead *read);
data/pgbackrest-2.30/src/info/infoPg.c:155:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
infoPgNewLoad(IoRead *read, InfoPgType type, InfoLoadNewCallback *callbackFunction, void *callbackData)
data/pgbackrest-2.30/src/info/infoPg.c:158:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/info/infoPg.c:164:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/info/infoPg.c:185:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
this->info = infoNewLoad(read, infoPgLoadCallback, &loadData);
data/pgbackrest-2.30/src/info/infoPg.h:54:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
InfoPg *infoPgNewLoad(IoRead *read, InfoPgType type, InfoLoadNewCallback *callbackFunction, void *callbackData);
data/pgbackrest-2.30/src/info/manifest.c:1010:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fileNameSize = strlen(fileName);
data/pgbackrest-2.30/src/info/manifest.c:1737:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
manifestNewLoad(IoRead *read)
data/pgbackrest-2.30/src/info/manifest.c:1740:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/info/manifest.c:1743:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/info/manifest.c:1766:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
this->info = infoNewLoad(read, manifestLoadCallback, &loadData);
data/pgbackrest-2.30/src/info/manifest.c:3074:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cipherBlockFilterGroupAdd(ioReadFilterGroup(read), loadData->cipherType, cipherModeDecrypt, loadData->cipherPass);
data/pgbackrest-2.30/src/info/manifest.c:3078:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
loadData->manifest = manifestNewLoad(read);
data/pgbackrest-2.30/src/info/manifest.h:160:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Manifest *manifestNewLoad(IoRead *read);
data/pgbackrest-2.30/src/protocol/client.c:39:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoRead *read;
data/pgbackrest-2.30/src/protocol/client.c:63:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(const String *name, const String *service, IoRead *read, IoWrite *write)
data/pgbackrest-2.30/src/protocol/client.c:68:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/protocol/client.c:73:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/protocol/client.c:87:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
.read = read,
data/pgbackrest-2.30/src/protocol/client.c:95:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
String *greeting = ioReadLine(this->read);
data/pgbackrest-2.30/src/protocol/client.c:200:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
String *response = ioReadLine(this->read);
data/pgbackrest-2.30/src/protocol/client.c:299:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = ioReadLine(this->read);
data/pgbackrest-2.30/src/protocol/client.c:339:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_TEST_RETURN(this->read);
data/pgbackrest-2.30/src/protocol/client.h:45:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolClient *protocolClientNew(const String *name, const String *service, IoRead *read, IoWrite *write);
data/pgbackrest-2.30/src/protocol/server.c:28:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IoRead *read;
data/pgbackrest-2.30/src/protocol/server.c:39:70: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolServerNew(const String *name, const String *service, IoRead *read, IoWrite *write)
data/pgbackrest-2.30/src/protocol/server.c:44:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_PARAM(IO_READ, read);
data/pgbackrest-2.30/src/protocol/server.c:49:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/src/protocol/server.c:62:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
.read = read,
data/pgbackrest-2.30/src/protocol/server.c:145:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
KeyValue *commandKv = jsonToKv(ioReadLine(this->read));
data/pgbackrest-2.30/src/protocol/server.c:296:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_TEST_RETURN(this->read);
data/pgbackrest-2.30/src/protocol/server.h:26:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolServer *protocolServerNew(const String *name, const String *service, IoRead *read, IoWrite *write);
data/pgbackrest-2.30/src/storage/posix/read.c:124:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
actualBytes = read(this->fd, bufRemainsPtr(buffer), expectedBytes);
data/pgbackrest-2.30/src/storage/remote/read.c:28:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
StorageRead *read; // Storage read interface
data/pgbackrest-2.30/src/storage/remote/read.c:69:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(storageReadIo(this->read)), compressFilter(compressTypeGz, (int)this->interface.compressLevel));
data/pgbackrest-2.30/src/storage/remote/read.c:76:102: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolCommandParamAdd(command, ioFilterGroupParamAll(ioReadFilterGroup(storageReadIo(this->read))));
data/pgbackrest-2.30/src/storage/remote/read.c:81:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupClear(ioReadFilterGroup(storageReadIo(this->read)));
data/pgbackrest-2.30/src/storage/remote/read.c:85:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(storageReadIo(this->read)), decompressFilter(compressTypeGz));
data/pgbackrest-2.30/src/storage/remote/read.c:126:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(storageReadIo(this->read)), protocolClientReadOutput(this->client, true));
data/pgbackrest-2.30/src/storage/remote/read.c:231:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_LOG_RETURN(STORAGE_READ, this->read);
data/pgbackrest-2.30/src/storage/storage.c:119:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioRead(storageReadIo(source), read);
data/pgbackrest-2.30/src/storage/storage.c:120:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioWrite(storageWriteIo(destination), read);
data/pgbackrest-2.30/src/storage/storage.c:121:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufUsedZero(read);
data/pgbackrest-2.30/src/storage/storage.c:211:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioRead(storageReadIo(file), read);
data/pgbackrest-2.30/src/storage/storage.c:214:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufCat(result, read);
data/pgbackrest-2.30/src/storage/storage.c:215:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufUsedZero(read);
data/pgbackrest-2.30/test/src/common/harnessLog.c:159:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
actualBytes = read(fd, harnessLogBuffer, sizeof(harnessLogBuffer) - totalBytes);
data/pgbackrest-2.30/test/src/common/harnessLog.c:331:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHECK((size_t)((int)strlen(harnessLogBuffer) + diff) < sizeof(harnessLogBuffer) - 1);
data/pgbackrest-2.30/test/src/common/harnessLog.c:334:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(end + diff, end, strlen(end) + 1);
data/pgbackrest-2.30/test/src/common/harnessPq.c:232:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(errbuf, harnessPq->resultZ, (size_t)errbufsize);
data/pgbackrest-2.30/test/src/common/harnessServer.c:210:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void hrnServerRun(IoRead *read, HrnServerProtocol protocol, HrnServerRunParam param)
data/pgbackrest-2.30/test/src/common/harnessServer.c:213:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FUNCTION_HARNESS_PARAM(IO_READ, read);
data/pgbackrest-2.30/test/src/common/harnessServer.c:220:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(read != NULL);
data/pgbackrest-2.30/test/src/common/harnessServer.c:227:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/common/harnessServer.c:317:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
HrnServerCmd cmd = jsonToUInt(ioReadLine(read));
data/pgbackrest-2.30/test/src/common/harnessServer.c:318:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const Variant *data = jsonToVar(ioReadLine(read));
data/pgbackrest-2.30/test/src/common/harnessServer.h:44:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define hrnServerRunP(read, protocol, ...) \
data/pgbackrest-2.30/test/src/common/harnessServer.h:45:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hrnServerRun(read, protocol, (HrnServerRunParam){VAR_PARAM_INIT, __VA_ARGS__})
data/pgbackrest-2.30/test/src/common/harnessServer.h:47:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void hrnServerRun(IoRead *read, HrnServerProtocol protocol, HrnServerRunParam param);
data/pgbackrest-2.30/test/src/common/harnessStorage.c:97:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(storageReadIo(read)), decompressFilter(compressTypeGz));
data/pgbackrest-2.30/test/src/common/harnessStorage.c:98:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = bufUsed(storageGetP(read));
data/pgbackrest-2.30/test/src/common/harnessTest.c:95:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(testUserTemp) > sizeof(testUserData) - 1)
data/pgbackrest-2.30/test/src/common/harnessTest.c:110:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(testGroupTemp) > sizeof(testGroupData) - 1)
data/pgbackrest-2.30/test/src/common/harnessTest.c:264:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = begin + strlen(substring);
data/pgbackrest-2.30/test/src/common/harnessTest.c:265:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int diff = (int)strlen(replace) - (int)strlen(substring);
data/pgbackrest-2.30/test/src/common/harnessTest.c:265:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int diff = (int)strlen(replace) - (int)strlen(substring);
data/pgbackrest-2.30/test/src/common/harnessTest.c:268:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHECK((size_t)((int)strlen(string) + diff) < bufferSize - 1);
data/pgbackrest-2.30/test/src/common/harnessTest.c:271:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(end + diff, end, strlen(end) + 1);
data/pgbackrest-2.30/test/src/common/harnessTest.c:272:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(begin, replace, strlen(replace));
data/pgbackrest-2.30/test/src/common/harnessTest.c:275:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
begin = strstr(begin + strlen(replace), substring);
data/pgbackrest-2.30/test/src/common/harnessTest.c:294:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(string) < sizeof(harnessReplaceKeyBuffer) - 1);
data/pgbackrest-2.30/test/src/common/harnessTest.c:321:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t bufferRead = read(result, buffer, bufferSize);
data/pgbackrest-2.30/test/src/common/harnessTest.c:374:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hrnFileWrite(expectedFile, (unsigned char *)expected, strlen(expected));
data/pgbackrest-2.30/test/src/common/harnessTest.c:379:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hrnFileWrite(actualFile, (unsigned char *)actual, strlen(actual));
data/pgbackrest-2.30/test/src/common/harnessTest.c:398:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
harnessDiffBuffer[strlen(harnessDiffBuffer) - 1] = 0;
data/pgbackrest-2.30/test/src/module/command/archivePushTest.c:542:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/archivePushTest.c:551:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/archivePushTest.c:560:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/archivePushTest.c:565:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/backupTest.c:64:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadFilterGroup(storageReadIo(read)), decompressFilter(data->manifestData->backupOptionCompressType));
data/pgbackrest-2.30/test/src/module/command/backupTest.c:69:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(storageReadIo(read)), cryptoHashNew(HASH_TYPE_SHA1_STR));
data/pgbackrest-2.30/test/src/module/command/backupTest.c:71:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint64_t size = bufUsed(storageGetP(read));
data/pgbackrest-2.30/test/src/module/command/backupTest.c:73:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupResult(ioReadFilterGroup(storageReadIo(read)), CRYPTO_HASH_FILTER_TYPE_STR));
data/pgbackrest-2.30/test/src/module/command/controlTest.c:154:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:167:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:177:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:182:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:211:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:224:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:234:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:239:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:263:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:275:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:282:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:287:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:311:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:324:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:335:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/controlTest.c:340:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read);
data/pgbackrest-2.30/test/src/module/command/localTest.c:48:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/localTest.c:52:104: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolClient *client = protocolClientNew(strNew("test"), PROTOCOL_SERVICE_LOCAL_STR, read, write);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:47:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:51:105: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolClient *client = protocolClientNew(strNew("test"), PROTOCOL_SERVICE_REMOTE_STR, read, write);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:83:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:88:100: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(client, protocolClientNew(strNew("test"), PROTOCOL_SERVICE_REMOTE_STR, read, write), "create client");
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:119:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:124:84: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test"), PROTOCOL_SERVICE_REMOTE_STR, read, write), PathCreateError,
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:151:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:156:100: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(client, protocolClientNew(strNew("test"), PROTOCOL_SERVICE_REMOTE_STR, read, write), "create client");
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:189:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/command/remoteTest.c:196:84: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test"), PROTOCOL_SERVICE_REMOTE_STR, read, write), StopError,
data/pgbackrest-2.30/test/src/module/common/compressTest.c:55:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), decompress);
data/pgbackrest-2.30/test/src/module/common/compressTest.c:56:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/common/compressTest.c:58:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!ioReadEof(read))
data/pgbackrest-2.30/test/src/module/common/compressTest.c:60:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioRead(read, output);
data/pgbackrest-2.30/test/src/module/common/compressTest.c:65:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadClose(read);
data/pgbackrest-2.30/test/src/module/common/compressTest.c:80:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Buffer *decompressed = bufNewC(simpleData, strlen(simpleData));
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:95:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(cipherBlock->passSize, strlen(TEST_PASS), "passphrase size is valid");
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:96:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_BOOL(memcmp(cipherBlock->pass, TEST_PASS, strlen(TEST_PASS)) == 0, true, "passphrase is valid");
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:113:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cipherBlockProcessSize(blockEncrypt, strlen(TEST_PLAINTEXT)),
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:114:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(TEST_PLAINTEXT) + EVP_MAX_BLOCK_LENGTH + CIPHER_BLOCK_MAGIC_SIZE + PKCS5_SALT_LEN, "check process size");
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:131:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cipherBlockProcessSize(blockEncrypt, strlen(TEST_PLAINTEXT)),
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:132:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(TEST_PLAINTEXT) + EVP_MAX_BLOCK_LENGTH, "check process size");
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:171:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(bufUsed(decryptBuffer), strlen(TEST_PLAINTEXT) * 2, "check final decrypt size");
data/pgbackrest-2.30/test/src/module/common/cryptoTest.c:211:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(bufUsed(decryptBuffer), strlen(TEST_PLAINTEXT) * 2, "check final decrypt size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:21:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, 1), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:25:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, 2), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:29:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, 3), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:31:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encodeToStr(encodeBase64, encode, strlen((char *)encode) - 2, destinationEncode);
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:33:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, strlen((char *)encode) - 2), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:33:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, strlen((char *)encode) - 2), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:35:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encodeToStr(encodeBase64, encode, strlen((char *)encode), destinationEncode);
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:37:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, strlen((char *)encode)), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:37:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, strlen((char *)encode)), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:39:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encodeToStr(encodeBase64, encode, strlen((char *)encode) + 1, destinationEncode);
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:41:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, strlen((char *)encode) + 1), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:41:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(encodeToStrSize(encodeBase64, strlen((char *)encode) + 1), strlen(destinationEncode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:43:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_ERROR(encodeToStr(999, encode, strlen((char *)encode), destinationEncode), AssertError, "invalid encode type 999");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:44:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_ERROR(encodeToStrSize(999, strlen((char *)encode)), AssertError, "invalid encode type 999");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:53:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(destinationDecode[strlen((char *)encode) + 1], 0xFF, "check for overrun");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:54:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(decodeToBinSize(encodeBase64, decode), strlen((char *)encode) + 1, "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:59:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(memcmp(destinationDecode, encode, strlen((char *)encode)), 0, "full string with \\r\\n decode");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:60:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(destinationDecode[strlen((char *)encode)], 0xFF, "check for overrun");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:61:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(decodeToBinSize(encodeBase64, decode), strlen((char *)encode), "check size");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:66:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(memcmp(destinationDecode, encode, strlen((char *)encode) - 2), 0, "full string decode");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:67:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(destinationDecode[strlen((char *)encode) - 2], 0xFF, "check for overrun");
data/pgbackrest-2.30/test/src/module/common/encodeTest.c:68:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(decodeToBinSize(encodeBase64, decode), strlen((char *)encode) - 2, "check size");
data/pgbackrest-2.30/test/src/module/common/errorTest.c:157:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(errorMessage()) == sizeof(messageBuffer) - 1);
data/pgbackrest-2.30/test/src/module/common/forkTest.c:29:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(write(STDIN_FILENO, buffer, strlen(buffer)), -1, "write to stdin fails");
data/pgbackrest-2.30/test/src/module/common/forkTest.c:30:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(write(STDOUT_FILENO, buffer, strlen(buffer)), -1, "write to stdout fails");
data/pgbackrest-2.30/test/src/module/common/forkTest.c:31:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_INT(write(STDERR_FILENO, buffer, strlen(buffer)), -1, "write to stderr fails");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:272:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, ioReadNewP((void *)998, .close = testIoReadClose, .open = testIoReadOpen, .read = testIoRead),
data/pgbackrest-2.30/test/src/module/common/ioTest.c:275:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(ioReadOpen(read), false, " open io object");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:278:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, ioReadNewP((void *)999, .close = testIoReadClose, .open = testIoReadOpen, .read = testIoRead),
data/pgbackrest-2.30/test/src/module/common/ioTest.c:281:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(ioReadOpen(read), true, " open io object");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:282:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(ioReadReadyP(read), true, "read defaults to ready");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:283:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 2, " read 2 bytes");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:284:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(ioReadEof(read), false, " no eof");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:285:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_VOID(ioReadClose(read), " close io object");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:288:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_VOID(ioReadFree(read), " free read object");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:402:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/common/ioTest.c:406:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 3, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:410:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "123", "read line");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:411:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "1234", "read line");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:412:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "", "read line");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:413:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "12", "read line");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:416:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 0, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:418:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 1, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:423:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 3, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:427:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ERROR(ioReadLine(read), FileReadError, "unexpected eof while reading line");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:431:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 2, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:435:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 1, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:439:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ERROR(ioReadLine(read), FileReadError, "unexpected eof while reading line");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:440:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 0, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:445:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/common/ioTest.c:446:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ERROR(ioReadLine(read), FileReadError, "unable to find line in 10 byte buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:450:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/common/ioTest.c:451:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLineParam(read, true), "1234", "read line without eof");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:472:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, ioReadNewP((void *)998, .close = testIoReadClose, .open = testIoReadOpen, .read = testIoRead),
data/pgbackrest-2.30/test/src/module/common/ioTest.c:474:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(ioReadDrain(read), false, "cannot open");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:571:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/common/ioTest.c:572:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_INT(ioReadFd(read), ((IoFdRead *)ioReadDriver(read))->fd, "check fd");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:572:75: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_INT(ioReadFd(read), ((IoFdRead *)ioReadDriver(read))->fd, "check fd");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:573:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_PTR(ioReadInterface(read), &read->interface, "check interface");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:574:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_PTR(ioReadDriver(read), read->driver, "check driver");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:577:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "test string 1", "read test string");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:583:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(ioReadReadyP(read), false, "read is not ready (without throwing error)");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:586:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ERROR(ioRead(read, buffer), FileReadError, "timeout after 1000ms waiting for read from 'read test'");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:593:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 12, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:595:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioRead(read, buffer), 4, "read buffer");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:601:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioFdRead(ioReadDriver(read), buffer, true), 0, "read buffer at eof");
data/pgbackrest-2.30/test/src/module/common/ioTest.c:602:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_UINT(ioFdRead(ioReadDriver(read), buffer, true), 0, "read buffer at eof again");
data/pgbackrest-2.30/test/src/module/common/logTest.c:55:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(actualBytes = read(fd, buffer, bufferSize - totalBytes)) == -1, FileOpenError, "unable to read log file '%s'",
data/pgbackrest-2.30/test/src/module/common/stackTraceTest.c:132:97: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(stackTraceLocal.functionParamBuffer) - (STACK_TRACE_PARAM_MAX * 2) - strlen("param1") - 4 -
data/pgbackrest-2.30/test/src/module/common/typeStringTest.c:32:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_RESULT_UINT(strlen(strZ(string)), 13, "check size with strlen()");
data/pgbackrest-2.30/test/src/module/common/typeXmlTest.c:16:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_ERROR(xmlDocumentNewBuf(bufNewC(BOGUS_STR, strlen(BOGUS_STR))), FormatError, "invalid xml");
data/pgbackrest-2.30/test/src/module/config/loadTest.c:400:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0111);
data/pgbackrest-2.30/test/src/module/config/loadTest.c:402:25: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
TEST_RESULT_INT(umask(0111), 0000, " umask was reset");
data/pgbackrest-2.30/test/src/module/config/loadTest.c:417:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0111);
data/pgbackrest-2.30/test/src/module/config/loadTest.c:419:25: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
TEST_RESULT_INT(umask(0), 0111, " umask was not reset");
data/pgbackrest-2.30/test/src/module/config/protocolTest.c:28:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/config/protocolTest.c:39:94: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolServer *server = protocolServerNew(strNew("test"), strNew("config"), read, write);
data/pgbackrest-2.30/test/src/module/config/protocolTest.c:48:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/config/protocolTest.c:52:94: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolClient *client = protocolClientNew(strNew("test"), strNew("config"), read, write);
data/pgbackrest-2.30/test/src/module/db/dbTest.c:67:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/db/dbTest.c:101:97: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(server, protocolServerNew(strNew("db test server"), strNew("test"), read, write), "create server");
data/pgbackrest-2.30/test/src/module/db/dbTest.c:111:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/db/dbTest.c:119:97: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(client, protocolClientNew(strNew("db test client"), strNew("test"), read, write), "create client");
data/pgbackrest-2.30/test/src/module/info/infoTest.c:138:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), cipherBlockNew(cipherModeDecrypt, cipherTypeAes256Cbc, BUFSTRDEF("X"), NULL));
data/pgbackrest-2.30/test/src/module/info/infoTest.c:141:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
infoNewLoad(read, harnessInfoLoadNewCallback, callbackContent), CryptoError,
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:174:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:178:107: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolServer *server = protocolServerNew(strNew("storage test server"), strNew("test"), read, write);
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:189:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:193:107: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolClient *client = protocolClientNew(strNew("storage test client"), strNew("test"), read, write);
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:264:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioFilterGroupAdd(ioReadFilterGroup(read), testIoRateNew(rateIn * 1000 * 1000)); \
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:265:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read); \
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:273:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioRead(read, buffer); \
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:277:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!ioReadEof(read)); \
data/pgbackrest-2.30/test/src/module/performance/storageTest.c:279:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadClose(read); \
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:420:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:442:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"noop\"}", "noop");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:447:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"noop\"}", "noop with error text");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:451:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"noop\"}", "noop with no error text");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:456:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"noop\"}", "noop with parameters returned");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:461:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"test\"}", "test command");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:467:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"invalid-line\"}", "invalid line command");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:472:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"error-instead-of-output\"}", "error instead of output command");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:477:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"unexpected-output\"}", "unexpected output");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:482:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"invalid-prefix\"}", "invalid prefix");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:487:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"exit\"}", "exit command");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:494:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:500:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), JsonFormatError,
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:503:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), ProtocolError,
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:506:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), ProtocolError,
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:509:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), ProtocolError,
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:513:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), ProtocolError,
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:517:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), ProtocolError,
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:529:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNew("test client"), strNew("test"), read, write), memContextPrior()),
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:535:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_PTR(protocolClientIoRead(client), client->read, "get read io");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:603:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:609:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadLine(read), "{\"name\":\"pgBackRest\",\"service\":\"test\",\"version\":\"" PROJECT_VERSION "\"}",
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:615:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{}", "noop result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:622:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(result, varKv(jsonToVar(ioReadLine(read))), "parse error result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:630:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"out\":true}", "simple request result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:635:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(result, varKv(jsonToVar(ioReadLine(read))), "parse error result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:643:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"out\":false}", "complex request result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:644:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), ".LINEOFTEXT", "complex request result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:645:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), ".", "complex request result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:654:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"out\":true}", "error-until-0 result");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:665:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:677:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolServerNew(strNew("test server"), strNew("test"), read, write), memContextPrior()),
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:683:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_PTR(protocolServerIoRead(server), server->read, "get read io");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:742:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:750:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"noop\"}", "noop");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:754:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"command1\",\"param\":[\"param1\",\"param2\"]}", "command1");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:760:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"exit\"}", "exit command");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:768:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:776:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"noop\"}", "noop");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:780:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"command2\",\"param\":[\"param1\"]}", "command2");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:785:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"command3\",\"param\":[\"param1\"]}", "command3");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:791:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(ioReadLine(read), "{\"cmd\":\"exit\"}", "exit command");
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:811:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:818:99: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
protocolClientNew(strNewFmt("test client %u", clientIdx), strNew("test"), read, write),
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:829:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(read);
data/pgbackrest-2.30/test/src/module/protocol/protocolTest.c:833:99: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ProtocolClient *clientError = protocolClientNew(strNew("error"), strNew("error"), read, write);
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:71:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strCatFmt(request, "content-length:%zu\r\n", param.content == NULL ? 0 : strlen(param.content));
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:160:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(param.content), param.content);
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:357:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(read, storageNewReadP(storage, strNew("file.txt"), .ignoreMissing = true), "new read file");
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:358:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(storageReadIgnoreMissing(read), true, " check ignore missing");
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:359:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(storageReadName(read), "/file.txt", " check name");
data/pgbackrest-2.30/test/src/module/storage/azureTest.c:362:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(storageReadIo(read)), ProtocolError,
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:76:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strCatFmt(request, "content-length:%zu\r\n", param.content != NULL ? strlen(param.content) : 0);
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:178:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(param.content), param.content);
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:586:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_ASSIGN(read, storageNewReadP(s3, strNew("file.txt"), .ignoreMissing = true), "new read file");
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:587:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_BOOL(storageReadIgnoreMissing(read), true, " check ignore missing");
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:588:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_RESULT_STR_Z(storageReadName(read), "/file.txt", " check name");
data/pgbackrest-2.30/test/src/module/storage/s3Test.c:591:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ioReadOpen(storageReadIo(read)), ProtocolError,
data/pgbackrest-2.30/test/src/test.c:88:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0000);
ANALYSIS SUMMARY:
Hits = 679
Lines analyzed = 119281 in approximately 3.46 seconds (34498 lines/second)
Physical Source Lines of Code (SLOC) = 82844
Hits@level = [0] 81 [1] 421 [2] 167 [3] 1 [4] 87 [5] 3
Hits@level+ = [0+] 760 [1+] 679 [2+] 258 [3+] 91 [4+] 90 [5+] 3
Hits/KSLOC@level+ = [0+] 9.17387 [1+] 8.19613 [2+] 3.11429 [3+] 1.09845 [4+] 1.08638 [5+] 0.0362126
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.